Subject: sshd still asks for a fake skey response
To: None <itojun@netbsd.org>
From: Bernd Ernesti <netbsd@arresum.inka.de>
List: tech-userlevel
Date: 01/21/2001 10:35:36
On Thu Jan 18 14:37:18 2001, Jun-ichiro itojun Hagino wrote:
>
>
> Module Name: basesrc
> Committed By: itojun
> Date: Thu Jan 18 13:37:18 UTC 2001
>
> Modified Files:
> basesrc/crypto/dist/ssh: readconf.c ssh.1 ssh.conf
>
> Log Message:
> disable s/key authentication request (from client) by default, to prevent
> confusing fake s/key challenge to show up.
> per recent discussion on tech-userlevel.
I don't think that is the correct solution for this problem.
Now I have to change all client configurations to disable the faked skey
response from the sshd.
The better way would be to disable the faking response in the ssh server.
Maybe with a configuration entry, but please turn it off by default.
I tried to build a sshd without skey support, but currently that isn't possible
even with setting SKEY=no in /etc/mk.conf. <bsd.own.mk> uses SKEY=yes so there
is no way to overwrite it.
Any reason why it isn't SKEY?=yes ?
Ok, that still wouldn't work for usr.bin/ssh/sshd/Makefile because the test
is just an '.ifdef SKEY' test, but thats easy to fix when we change bsd.own.mk.
Where I would prefer we fix sshd to not send the fake responses so I don't have
to disable the skey support completly.
Bernd